Axonius - Deploy Files and Run Shell Command on Windows Assets
  • 27 Mar 2024
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Axonius - Deploy Files and Run Shell Command on Windows Assets

  • Dark
    Light
  • PDF

Article Summary

Axonius - Deploy Files and Run Shell Command on Windows Assets deploys an optional list of selected files and runs a command line on each of the windows devices which are the results of the query.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

General Settings

  • Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
  • Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
  • Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
  • Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

  • Use stored credentials from the Active Directory adapter - Select this option to use the first connected Microsoft Active Directory (AD) adapter credentials.

Required Fields

These fields are required to run the Enforcement Action.

Note:

Even if you just want to deploy a file, you need to fill in the Command and Command name fields.

  • Command - Specify the command you want to run on the windows device. Add a condition to the command to print the result into the Command Name field. For example, "wmic computersystem get name" OR just "echo".

  • Command name - Specify the field name to be added to the device. If you set the Command field, then you must add a value to this field. This new field will be populated if a condition has been added in the command field.

  • Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Additional Fields

These fields are optional.

  • DNS Servers - Specify a comma-separated list of DNS servers to be used to resolve the hostnames in the saved query supplied as a trigger (or devices that have been selected in the asset table).

    • If supplied, Axonius will use the specified DNS server to resolve the devices' hostnames. For each asset, the first response will be the one to be used.
    • If not supplied or if no response has been received from any of the specified DNS servers, the default DNS server will be used.
  • Use NBNS - Use the NetBIOS Name Service protocol.

  • Max timeout for the created process - Set the maximum time (in seconds) for the created shell process to run before it is terminated.

  • Reset timer for each request in seconds - Set the maximum time for each WQL query to return a response.

  • Files to deploy - To deploy files on the device, use the following controls to upload one or more files:

    • 'Choose file' - to choose a file to be upload.
    • '+' - to upload additional file.
    • 'x' - to remove the uploaded file.
    NOTE
    The uploaded files are deployed to the c:\windows\axonius folder. When uploaded, if a file with the same name already exists, it is overridden by the new uploaded file. Uploaded files are not automatically deleted.
  • Path to Remote Files - Enter the path to the remote files to deploy. Remote services can be: FTP, SFTP, SMB or URL.

  • Suppress NetBIOS name lookup - Do not use the NetBIOS name lookup.

  • Additional HTTP headers - Enter any additional HTTP headers.

  • HTTP proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  • HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  • Replace command variables with Axonius fields - You can use Axonius fields as values in command parameters in place of variables. For example, by creating a mapped field named "MY_FIELD", you can insert it into the command by adding the string "{AXONIUS_ATTRIBUTE:MY_FIELD}", using the keyword AXONIUS_ATTRIBUTE, where you want this value to be inserted. Each field must be enclosed in curly brackets to mark the beginning and end of the field name.

    For example, the field TOKEN is used in the following command:

    CsUninstallTool.exe MAINTENANCE_TOKEN={AXONIUS_ATTRIBUTE:TOKEN} /quiet
    

    See Axonius to External Field Mapping for more information.

REplaceCommandWithAxoniusField.png

  • Files Directory - Specify the directory to which the files uploaded by the Enforcement Action will be deployed.
  • Gateway Name - For Axonius-hosted (SaaS) deployments. Select the gateway through which to connect to perform the action.

Connection Parameters

If Use stored credentials from the Active Directory adapter is disabled, these fields are required.

  • User name and Password - Provide credentials to connect and to execute the command on the windows device: user name and password.

Required Ports

The following ports should be opened:

  • 135 RPC
  • 445 SMB
  • Random port in the range: 1024-65535

For more details about other Enforcement Actions available, see Action Library.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.